[Makes detected hacks undetected] Simple PE Cipher

I was talking to Bombsaway a few days ago and he was saying that the old method of ciphering a file (pumping shit onto the end of the file) no longer works with CA. It just so happens I was bored at the time so I wrote this simple little cipher. Basically it just manipulates a few values within the PE structure and also rewrites some data into the .text section.

This, unlike the older ciphers, should work to fool Nexon's hash logic.

Using it is pretty straightforward:

Download the .zip and extract it

Run "Simple PE Cipher.exe"

Press the browse button to locate your Dll

Press "Run Cipher", if all goes as expected you should see a "Cipher Completed Successfully" message box appear.

Inject the .dll. A backup of the original .dll is also created (with a .bak extension) in the same directory as the ciphered dll so you can revert at any time if something goes wrong.

Written in Win32 C++ for teh lulz.

If you have any issues with it, please feel free to PM me or post in the thread, I'll do my best to rectify the issues.

Virus Scan, Jotti

No idea why this had those two scanners report a backdoor to be honest. Perhaps because I'm using some I/O API, dunno.

Anyways, enjoy, and report back with results.

Last edited by Drake; 08-26-2012 at 09:47 PM.

Originally Posted by Jeremy S. Anderson

There are only two things to come out of Berkeley, Unix and LSD,
and I don’t think this is a coincidence

Lol, it's up to your own judgement if you want to use the Cipher, obviously. However, it is clean. I've been a member here for over 2 years and never released anything infected, I was also a minion for 9 months. Also note, those "scanners" that picked up viruses are some of the dodgiest scanners on the list. Most just use very basic methods of scanning (such as checking certain API calls and then calling them "viruses"), in absence of any real virus detection.

The long and short of it is that scanners can be very temperamental when you start doing anything with File IO. This app drops a new file and renames existing files and I guess that's why some of the shitty scanners are picking it up as a virus.

Last edited by Broderick; 08-31-2012 at 05:20 AM.

The fish trap exists because of the fish.
Once you've gotten the fish you can forget the trap.
The rabbit snare exists because of the rabbit.
Once you've gotten the rabbit, you can forget the snare.
Words exist because of meaning.
Once you've gotten the meaning, you can forget the words.
Where can I find a man who has forgotten words so I can talk with him?

Anyways, I use Extreme Injector and for some reason the Combat Arms process (Engine.exe) doesn't show up. Any help?

Has nothing to do with me. But the process would only come up if it was running, otherwise you'll need to type it in manually.

Typed it in manually and got it working, but Combat Arms closes whenever I have the injector open.

master131 is not me, go ask him about his injector, not me.

I have a problem when browsing for my downloaded hack. When I click load it says you do not have permission to open this file, contact the file owner or admin to obtain permission. Sorry if this is a stupid and/or obvious question.